3 matches found
FreeBSD : py-wagtail -- stored XSS vulnerability (17efbe19-4e72-426a-8016-2b4e001c1378)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17efbe19-4e72-426a-8016-2b4e001c1378 advisory. - Wagtail is an open source content management system built on Django. Starting in version 1.5 and prio...
aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +107 more potentially affected by CVE-2023-28836 via wagtail (>=1.6.0rc1 <=4.0.4)
wagtail PYPI version =1.6.0rc1, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.2.4, =5.22.3, =0.0.1, =8.0.0, =10.1.1 and more Source cves: CVE-2023-28836 Source advisory: OSV:GHSA-5286-F2RF-35C2...
CVE-2023-28836
Wagtail CVE-2023-28836 describes a stored XSS in ModelAdmin views (ChooseParentView for pages; InspectView for documents). A user with limited-permission editor can craft content that, when viewed by a higher-privilege user, could act with that user’s credentials. The issue affects Wagtail versio...